Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SD-WAN Hub to Non-Meraki Peer migration

Solved
ArvidS-QD
Conversationalist
Thursday
Thursday

SD-WAN Hub to Non-Meraki Peer migration

Hi,

 

We currently have three Meraki networks configured as hub and spoke. We need to decommission the hub Meraki (MX1) and replace it with a third-party firewall (FW1). 

 

MX1 Hub

MX2 Spoke

MX3 Spoke

 

FW1 New "Hub"

 

Preferably I would move one spoke at a time, but that does not seem to be possible since the IP space is the same on MX1 and FW1 and i get an error indicating this when trying to save the Non-Meraki Peer configuration for MX2.

 

Is the only way forward to turn off Site-to-Site VPN on MX1 and enable the Non-Meraki Peer on MX2 and MX3 at the same time, as well as changing both to Hub mode?

 

I should say my Meraki experience is non-existent.

 

Thank you.

Labels:
0 Kudos
Subscribe
1 Accepted Solution
GIdenJoe
Kind of a big deal
Kind of a big deal
Thursday
Thursday

You'll have to prep your hub firewall with it's networks behind it.

Then make the other two sites hubs so they won't give any errors when you remove the actual hub.

You will then have to first put the hub to off before you can actually add the networks in a non-Meraki VPN.

But my question is the following.  Is it the intention to remove all MX'es or just the one which would be weird.  If it is only the hub you want to have a fully featured firewall you could do well to just change the MX to a one armed concentrator instead and put it behind the new firewall.

View solution in original post

Subscribe
2 Replies 2
GIdenJoe
Kind of a big deal
Kind of a big deal
Thursday
Thursday

You'll have to prep your hub firewall with it's networks behind it.

Then make the other two sites hubs so they won't give any errors when you remove the actual hub.

You will then have to first put the hub to off before you can actually add the networks in a non-Meraki VPN.

But my question is the following.  Is it the intention to remove all MX'es or just the one which would be weird.  If it is only the hub you want to have a fully featured firewall you could do well to just change the MX to a one armed concentrator instead and put it behind the new firewall.

Subscribe
In response to GIdenJoe
ArvidS-QD
Conversationalist
Thursday
Thursday

Thanks @GIdenJoe. The end goal is to replace the spokes as well.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.